The Raggruppamento Operativo Speciale (ROS), or Special Operations Group, is part of the Italian Carabinieri. Founded on 3 December 1990 to coordinate investigative activities against organized crime, it now the main investigative arm of the Carabinieri which deals with organized crime and terrorism. The ROS reports directly to the Carabinieri General Command.

It was created from the remains of the Special Anti-terrorism Unit in the 1970s by General Carlo Alberto Dalla Chiesa to combat terrorism in Italy. It had centers in Genoa, Naples, Milan, Padua, Rome and Turin. Having defeated the Red Brigades in the 1980s, the Special Anti-terrorism Unit was also employed to investigate organized crime.

The ROS command center coordinates the activities of 26 regional anti-crime sections. The headquarters is organized as follows:

Three investigative service centers:

Organized crime

Drug trafficking and kidnapping

Analysis

An anti-subversion unit

A technical support unit

The staff of the ROS is extremely specialized and 75 percent of its personnel are officers and non-commissioned officers of the Carabinieri. The other quarter of its members are lower-ranking police officers. In order to encourage synergy with the territorial units, the staff of the ROS often attends professional refresher courses and conferences with the Polizia di Stato and the Guardia di Finanza.

Among the investigative methods used by the ROS, one of most effective and dangerous for the investigator is the undercover infiltration of gangs used in investigations into narcotics, kidnapping, money laundering, and the smuggling of arms, ammunition and explosives.

Buried in a recent 158-page U.N. report on how terrorists use the Internet is the so-called "protocol of a systematic approach". The protocol, authored by Raggruppamento, is significant because it has been implemented by authorities across the world, according to the United Nations. The document outlines the stages law enforcement agencies should go through when conducting electronic surveillance of suspects: first, by obtaining data and “cookies” stored by websites like Facebook, Google, eBay and PayPal; second, by obtaining location data from servers used by VoIP Internet phone services (like Skype); then, by conducting a “smart analysis” of these data before moving on to the most serious and controversial step: intercepting communications, exploiting security vulnerabilities in communications technologies for “intelligence-gathering purposes,” and even infecting a target computer with Trojan-horse spyware to mine data.